** Now in Android and iOS app stores **

No Face, No Name, No Number, No SIM card, No Internet! Berty is a messenger that doesn’t require any of your personal data or network connection (using Bluetooth Low Energy BLE). All conversations are encrypted with end-to-end encryption, in a fully distributed network.

It is a peer-to-peer messenger with no servers, no cloud - your data is only stored on the device where Berty is installed and used. No one would be able to access the data or shut the app down, not even the developers.

Being P2P, it means the IP address needs to be available to route messaging, but their site explains a bit about how they’ve tried to mask this. Whilst Briar is an excellent alternative, it is still Android only. The closest alternative is maybe Jami, but it lacks a non-Internet Bluetooth alternative if I recall correctly. Interestingly, Berty also can use Airdrop (iOS to iOS) and Android’s Nearby as alternative protocols.

You can share your details and add contacts via a QR code, public key, or an invite link. It is currently available on both iOS and Android, with desktop clients to follow.

See https://berty.tech/

#technology #messenger #berty #P2P #IPFS #privacy

  • Arthur BesseA
    link
    fedilink
    arrow-up
    10
    ·
    edit-2
    3 years ago

    Skimming their website, I noticed two issues with their dependencies.

    First, https://berty.tech/docs/protocol/ says

    *The only non-standard packages used in the Berty Protocol are the following two, although they have been written by experts are widely reviewed by the community:

    • libp2p/go-libp2p-core/crypto
    • agl/ed25519/extra25519

    Clicking through to ed25519/extra25519, one can see that the upstream author replaced that code two years ago with a readme that says “This repository is unmaintained” and “Uncared for code is not a foundation to build upon”. (The part that was merged in to golang’s standard crypto library does not include the “extra25519” code that this project requires.)

    Second, I see that their Go-Tor-Transport relies on go-libtor which currently is using a year-old snapshot of the -dev branch of upstream tor. (I haven’t yet discerned if Tor is fundamental to their design or if it is an optional thing, but i suspect the latter?)

    • GadgeteerZAOP
      link
      fedilink
      arrow-up
      7
      ·
      3 years ago

      They do say it is early days still and not fully dependable V1.0. So there is work in progress, and they still want to have an independent security audit done. I think they are pretty open and forthcoming about what is not yet done. They were quite clear to state the product is not ready yet for the Ukraine war for example, and state people should not consider it for that use.

      Certainly in principle one does not want to build on unmaintained code (different from code that has not requited an update for any good reason for a while).

      So it is really a proof of concept now that is usable, but not yet declared finished as far as the security side goes (implying some of those loose ends mentioned). I gather from that we should not yet be judging it as a finished or production ready product.